check_http SSL crashes

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
felixphew
Posts: 2
Joined: Tue Sep 11, 2018 12:37 am

check_http SSL crashes

Post by felixphew »

Hi,

I'm having some trouble using check_http to test HTTPS addresses. It appears to be crashing.

Here's where I've got to so far in troubleshooting:

Code: Select all

# libexec/check_http -H my.site
HTTP OK: HTTP/1.1 301 Moved Permanently - 237 bytes in 0.609 second response time |time=0.609220s;;;0.000000 size=237B;;;0

Code: Select all

# libexec/check_http -H my.site -S
CRITICAL - Cannot make SSL connection.
1:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:802:
Segmentation fault (core dumped)

Code: Select all

# openssl s_client -connect my.site:443 
CONNECTED(00000004)
1:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:802:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 295 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1536644707
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Code: Select all

# openssl version -a
OpenSSL 1.0.2o  27 Mar 2018
built on: date not available
platform: information not available
options:  bn(64,64) rc4(16x,int) des(ptr,cisc,16,int) blowfish(ptr) 
compiler: information not available
OPENSSLDIR: "/etc/openssl"

Code: Select all

# curl https://my.site
<normal page content>
I've seen similar issues on the forums were caused by SSL errors (which looks to be the case here), however cURL (which is also linked against the same OpenSSL) is doing just fine. The certificate is a Let's Encrypt cert.

Does anyone know where I should go from here?
Top
npolovenko
Support Tech
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: check_http SSL crashes

Post by npolovenko »

Hello, @felixphew. Please try the following command:
/usr/local/nagios/libexec/check_http -H my.site -f ok -p 443 --sni
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Top
felixphew
Posts: 2
Joined: Tue Sep 11, 2018 12:37 am

Re: check_http SSL crashes

Post by felixphew »

npolovenko wrote:Hello, @felixphew. Please try the following command:
/usr/local/nagios/libexec/check_http -H my.site -f ok -p 443 --sni
Thanks for this! The command above didn't work as is, but --sni was what I was looking for, and worked fine once I re-added -S.
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: check_http SSL crashes

Post by scottwilkerson »

felixphew wrote:Thanks for this! The command above didn't work as is, but --sni was what I was looking for, and worked fine once I re-added -S.
great! Glad it is working

Locking thread
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Top
Locked

Return to “Open Source Nagios Projects”